X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fpeertube-crypto.ts;h=b8f7c782ae7b88ba88463d14f156d43d65a9dec1;hb=75b7117f078461d2507572ba9da6527894e1b734;hp=9eb7823026cc3222bca162ed6841bef45152300d;hpb=8c559fad1e1c4c2ab7f1388c73200aa4c6256d74;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 9eb782302..b8f7c782a 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -1,19 +1,19 @@
+import { compare, genSalt, hash } from 'bcrypt'
+import { createSign, createVerify } from 'crypto'
 import { Request } from 'express'
+import { cloneDeep } from 'lodash'
+import { sha256 } from '@shared/extra-utils'
 import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
-import { createPrivateKey, getPublicKey, promisify1, promisify2, sha256 } from './core-utils'
+import { MActor } from '../types/models'
+import { createPrivateKey, getPublicKey, promisify1, promisify2 } from './core-utils'
 import { jsonld } from './custom-jsonld-signature'
 import { logger } from './logger'
-import { cloneDeep } from 'lodash'
-import { createSign, createVerify } from 'crypto'
-import { buildDigest } from '../lib/job-queue/handlers/utils/activitypub-http-utils'
-import * as bcrypt from 'bcrypt'
-import { MActor } from '../typings/models'
 
-const bcryptComparePromise = promisify2(bcrypt.compare)
-const bcryptGenSaltPromise = promisify1(bcrypt.genSalt)
-const bcryptHashPromise = promisify2(bcrypt.hash)
+const bcryptComparePromise = promisify2(compare)
+const bcryptGenSaltPromise = promisify1(genSalt)
+const bcryptHashPromise = promisify2(hash)
 
-const httpSignature = require('http-signature')
+const httpSignature = require('@peertube/http-signature')
 
 async function createPrivateAndPublicKeys () {
 logger.info('Generating a RSA key...')
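Review bot: `const httpSignature = require('@peertube/http-signature')` leaves the module typed as `any`, so the options object later passed to `httpSignature.parse` in this file is not checked by the compiler. A misspelled `headers` or `clockSkew` key would presumably be ignored silently, and the signature checks would loosen without any error. This line also swaps the library that parses federation signatures for a fork, so it deserves a comment naming the behaviour relied on, e.g. `// fork of http-signature: honours the 'headers' option passed to parse() (confirm against the fork's README)`. A small local type for the parse options would catch such typos at compile time.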
@@ -51,7 +51,11 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 
 function parseHTTPSignature (req: Request, clockSkew?: number) {
- return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew })
+ const headers = req.method === 'POST'
+ ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
+ : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+
+ return httpSignature.parse(req, { clockSkew, headers })
 }
 
 // JSONLD
@@ -81,7 +85,7 @@ async function isJsonLDRSA2017Verified (fromActor: MActor, signedDocument: any)
 return verify.verify(fromActor.publicKey, signedDocument.signature.signatureValue, 'base64')
 }
 
-async function signJsonLDObject (byActor: MActor, data: any) {
+async function signJsonLDObject (byActor: MActor, data: T) {
 const signature = {
 type: 'RsaSignature2017',
 creator: byActor.url,
@@ -104,12 +108,19 @@ async function signJsonLDObject (byActor: MActor, data: any) {
 return Object.assign(data, { signature })
 }
 
+function buildDigest (body: any) {
+ const rawBody = typeof body === 'string' ? body : JSON.stringify(body)
+
+ return 'SHA-256=' + sha256(rawBody, 'base64')
+}
+
 // ---------------------------------------------------------------------------
 
 export {
 isHTTPSignatureDigestValid,
 parseHTTPSignature,
 isHTTPSignatureVerified,
+ buildDigest,
 isJsonLDSignatureVerified,
 comparePassword,
 createPrivateAndPublicKeys,
@@ -119,7 +130,7 @@ export {
 
 // ---------------------------------------------------------------------------
 
-function hash (obj: any): Promise {
+function hashObject (obj: any): Promise {
 return jsonld.promises
 .normalize(obj, {
 algorithm: 'URDNA2015',
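Review bot: The required-header list in `parseHTTPSignature` is chosen by an exact `req.method === 'POST'` test, so every other method, including ones that can carry a body, falls through to `HTTP_SIGNATURE.REQUIRED_HEADERS.ALL`. The contents of both lists are outside this hunk; if only the POST list includes `digest`, a signed request with another body-carrying method would be accepted without the body being bound to the signature. Either state the assumption in a comment, `// only POST routes carry a signed body; other methods do not need a digest header`, or pick the POST list whenever the request has a body. The removed `authorizationHeaderName` option also means the header read now depends on the library default, which merits a one-line comment next to the `parse` call.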
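Review bot: `buildDigest` hands `JSON.stringify(body)` to `sha256` whenever `body` is not a string, and `JSON.stringify(undefined)` returns `undefined`, so a call without a parsed body reaches `sha256` with no data; how `sha256` reacts is not visible in this hunk. Narrowing the parameter from `any` to `string | object` would reject that case at compile time. When this helper checks an incoming `Digest` header, the hash also covers a re-serialisation of the parsed JSON rather than the bytes received, so a sender whose serialisation differs in key order, escaping or whitespace would fail verification. A doc comment on the function should say that callers verifying a request pass the raw body string where it is available.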
@@ -141,12 +152,12 @@ function createSignatureHash (signature: any) {
 delete signatureCopy.id
 delete signatureCopy.signatureValue
 
- return hash(signatureCopy)
+ return hashObject(signatureCopy)
 }
 
 function createDocWithoutSignatureHash (doc: any) {
 const docWithoutSignature = cloneDeep(doc)
 delete docWithoutSignature.signature
 
- return hash(docWithoutSignature)
+ return hashObject(docWithoutSignature)
 }